Over the weekend more excerpts and analysis from James Comey's book, "A Higher Loyalty", hit the media. And while much of the coverage focusses on his descriptions of the US President and his government, there were some other tidbits in there. In particular, Comey made some comments regarding the disconnect between the FBI and tech community with regards to encryption. And those comments are important when it comes to legislation that is at an advanced stage of development here.
The Minister for Home Affairs, Peter Dutton, has flagged that he plans to introduce legislation to the parliament that will compel companies that provide end-to-end encryption on products and services to decrypt communications and data when requested. But there seems to be a fundamental difference in understanding in how encryption works and how they think it works.
While WhatsApp boasts great end-to-end encryption of messages - which is great for those who crave privacy but a source of chagrin for many in the law enforcement community - it seems the messaging service is susceptible to attacks on user privacy. A research paper released at a security event this week describes how group chats can be leveraged by snoops.
We live in an era where ideas can turn into vast sums of money, and then disappear, in the blink of an eye. Many of today's start-ups start with a way of changing business process and then commercialise that idea. But Nir Gabay, the founder of El-Sight, focussed on solving a very specific problem. And his hardware solution has massive implications that go far beyond his original vision. EL-Sight's core product is a mobile digital video recorder (DVR) that can securely store and transmit data.
We're often told that one of the best protections we can have for our data is to use end-to-end encryption when data is at rest and in-flight so, in the event data is lost either accidentally or through a malicious act, the potential damage is minimised. But a recent study of 331 individuals conducted by the Ponemon Institute and sponsored by Thales - who has a big business in encryption - says just 32% of Australians have an enterprise-wide encryption policy.
We've all lost a flash drive or two. Whether it was a cheap USB drive containing some promotional material, or a top secret one detailing the security protocol pertaining to a certain Queen of England's travel plans, sometimes we forget things, and have to hope that our sensitive information doesn't fall into the wrong hands. Securing your hardware by encrypting your flash drive beforehand will prevent unauthorised individuals from getting into your misplaced media. It won't get your flash drive back any faster, but you'll know that you and your data aren't in danger while your USB is at large.
Virtual private networks (or VPNs) are great for protecting your privacy and data while you browse the web. They provide increased security on public Wi-Fi networks (coffee shops, airports, etc), and prevent ISPs from collecting personal data, data they want to sell to advertisers. VPNs are also pretty good at letting users circumvent location-based content restrictions put in place by companies like YouTube, Spotify and Netflix. While they're not foolproof, here's how to pick a VPN, and boost your chance of enjoying Game Of Thrones without paying Foxtel a dime.
KRACK - or the Key Reinstallation AttaCK - looks like the new infosec word we all need to know. The authors of a paper that will be presented at a conference in a couple of weeks, Mathy Vanhoef of KU Leuven and Frank Piessens, say they have found a way to circumvent WPA2 security - one of the key tools used for protecting wireless networks. If KRACK proves to be true, all bets are off when it comes to stopping eavesdroppers from listening in to your wireless network.
A while back, I woke up to find my Android phone lingering at a pattern unlock screen. Not just to unlock my screen, but a prompt to decrypt all of my phone's data. I was puzzled. Every other morning, I decrypted my device using a 10-digit, alphanumeric passphrase -- something I perceived, accurately, as being infinitely more secure than tracing a dumb pattern with my finger.
You might know what a virtual private network (VPN) is, but the odds of you actually using one are low. You really should be using a VPN -- ultimately, you may end up seeing it as just as vital as your internet connection. We'll tell you why, explain how to choose a VPN provider and list five that are worth considering.
Your data, from the Christmas party photos you took last year to the tax return you filed (thank God for extensions, right?) is in more places than you think, which means securing as much of it as you can is vital. But the idea of encryption can be intimidating to the inexperienced, and often involves discussion of more esoteric topics like PGP, decryption keys and other terms with which you may be unfamiliar. Fortunately, iOS and Android make it easy to secure your data and protect it from malicious hackers and anyone looking to extract personal information.
According to reports, Theresa May's government demanded WhatsApp give them access to encrypted messages. That request was flatly denied but it's a topic that May will raise at a meeting being held at the UN. I suspect this is the start of another campaign to undermine the rights of individual privacy by playing the "terrorists use encrypted messaging services" card.
Australia's Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, closed out the round of opening keynotes at this year's RSA Conference for the Australia Pacific and Japan region. During his address Tehan painted a gloomy picture of our region. But in that doom and gloom he suggested Australia could be a leader in helping the region become stronger while giving the Australian economy a boost as we take the challenges of the region and turn them into opportunities. But the speech and the follow-up interview we scored were light on for details.
Over the last few weeks we've seen the government increase the rhetoric around the need to access encrypted messages sent using services such as Telegram, WhatsApp, iMessage and others. The government's view is bad guys are sending messages to coordinate attacks and law enforcement can't eavesdrop, with a warrant, on these conversations in order to thwart the bad guys. On the other side, there's the continued erosion of our right to privacy. CCTV on our streets, metadata retention rules and other measures mean we are monitored more than ever before. But does the government need to have a way to "break" encryption?
Mainframes might seem like the grey-beards of the IT business, with a less than bleeding edge rep compared to modern cloud-based systems. But IBM's new Z Series systems could shift that perception. They have the ability to handle 12 billion encrypted transactions per day using a new encryption engine that makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.
Plenty of ink and pixels have been, and will continue to be, spilt over the government's plan to force technology companies to hand over encrypted data without creating backdoors into systems or somehow weakening privacy provisions. Already, we've heard that the government could make laws that trump the laws of mathematics and there are plenty of critics as to whether the government's plans could make things a lot worse for everyone while making bugger all difference to criminals. But is there a solution?